crypt.conf

- configuration file for pluggable crypt modules

Synopsis

/etc/security/crypt.conf

Description

crypt.conf is the configuration file for the pluggable crypt architecture. Each
crypt module must provide a function to generate a password hash, crypt_genhash_impl(3C),
and a function to generate the salt, crypt_gensalt_impl(3C).

There must be at least one entry in crypt.conf with the same
name as is stored in the crypt_algorithm_magic symbol of the module. The
documentation provided with the module should list this name.

The module_path field specifies the path name to a shared library object
that implements crypt_genhash_impl(), crypt_gensalt_impl(), and crypt_algorithm_magic. If the path name is
not absolute, it is assumed to be relative to /usr/lib/security/$ISA. If the
path name contains the $ISA token, the token is replaced by an
implementation-defined directory name that defines the path relative to the calling program's
instruction set architecture.

The params field is used to pass module-specific options to the shared
objects. See crypt_genhash_impl(3C) and crypt_gensalt_impl(3C). It is the responsibility of the
module to parse and interpret the options. The params field can
be used by the modules to turn on debugging or to pass any
module-specific parameters that control the output of the hashing algorithm.

Examples

Example 1 Provide compatibility for md5crypt-generated passwords.

The default configuration preserves previous Solaris behavior while adding compatibility for md5crypt-generated
passwords as provided on some BSD and Linux systems.

#
# crypt.conf
#
1 /usr/lib/security/$ISA/crypt_bsdmd5.so

Example 2 Use md5crypt to demonstrate compatibility with BSD– and Linux–based systems.

The following example lists 4 algorithms and demonstrates how compatibility with BSD–
and Linux–based systems using md5crypt is made available, using the algorithm names
1 and 2.